The Securities and Exchange Commission has issued a risk alert based on shortcomings identified during 75 cybersecurity exams of advisory firms. Some firms had software patches that remained uninstalled, and less than two-thirds of firms had policies for notifying clients of data breaches.